Techdirt has a post that’s worth a read that talks about a debate sparked by the NY Times and Computerworld about the ethics of downloading something you have already paid for.  Its an issue worth considering, especially in light of an expected new copyright reform bill in Canada.   It ties into issues about format shifting and whether copying is theft when it doesn’t deprive the owner of what they have.

That’s the title of my Slaw post for today.  It reads as follows:

The Canadian Privacy Commissioner is in the midst of  consultations on the privacy impacts of online tracking, profiling and targeting.  The first public event is a panel discussion taking place today  correction – Thursday the 29th in Toronto from 8:30 til 4:15.   This event is being webcast.  Viewers are invited to pose questions to the panelists.

To follow the consultations on twitter the hashtag is #priv2010.  The Privacy Commisioner’s office’s twitter handle is  @privacyprivee.

California police obtained a warrant and seized computer equipment from the home of Gizmodo editor Jason Chen.  Gizmodo is fighting back, saying that the seizure violates journalist shield laws.  This is part of an investigation into Gizmodo allegedly paying someone to give them a misplaced Apple iPhone prototype.   They took a long list of equipment, including laptops, a server, cameras, phones, hard drives, and flash drives.

Setting aside for a moment the issues of whether the seizure was lawful or appropriate, or whether Gizmodo’s actions merit a criminal investigation – think about how such a seizure would impact you in terms of a temporary or perhaps permanent loss of all your data. 

Yes, the risk of getting one’s computers seized is so slim its not worth worrying about.  It does illustrate though other risks that can arise from keeping backups only in the same building as the original.  Its great for protecting against equipment failure – but it won’t protect against things like a flood, fire, or natural disaster. (I have no idea what backup Chen has – I’m just making a point here.)

So the prudent approach – no matter what local backup you have - is to keep an offsite backup.  That can be online, or on a drive kept elsewhere – the method isn’t important so long as it is reasonably up to date, reliable, and secure.

Today is World Intellectual Property Day.   WIPO (the World Intellectual Property Organization) states that this day is meant:

- to raise awareness of how patents, copyright, trademarks and designs impact on daily life;

- to increase understanding of how protecting IP rights helps promote creativity and innovation;

- to celebrate creativity, and the contribution made by creators and innovators to the development of societies across the globe;

- to encourage respect for the IP rights of others.

So here’s my two cents worth on a high level view of  intellectual property:

- The interests and viewpoints of both creators and users are important.

- Balancing creator and user rights is important.

- The contributions to the world by creators (whether scientific breakthroughs, new tech devices, or entertainment) are important and should be fostered.

- IP law has to be practical – it affects the average person now more than ever.

- Remedies shouldn’t be arbitrary or do more harm than good.

- IP law needs to consider where tech and individual expectations are taking us.

- It’s never a bad thing to step back and ask basic questions about the goals of IP law – and how it might differ now than years ago.

A CBS report earlier this week talked about the information that is contained on photocopier hard drives, and how it is there for the taking on used machines.   Many people don’t realize that when photocopiers changed from analogue to digital technology several years ago, they work by storing print and copy jobs on internal hard drives.  

That’s why, for example, when you make 10 photocopies, it scans the original only once, then prints the 10 copies.

Those hard drives store a vast history of whatever documents have been copied, printed, scanned, or received or sent by fax on the machine.

So when one gets rid of a photocopier, those documents, and whatever confidential, sensitive, or personal information is on them, goes with it.   It is important to deal with that so the information cannot be published or get into the wrong hands.

So what should organizations do?

If you are throwing out an old copier that you own, the most effective thing is to remove the hard drive and destroy the platters within it.  Destruction to the “smithereen” level is required.

If you are selling the copier, or if it is going back to a copier company as a trade-in, or at the end of its lease, talk to the copier company.   The most reliable option is retrieving the hard drive before it leaves your premises and destroying it – with the understanding that it will require a new one to be used.

If that’s not practical, hire someone to wipe the drive before it leaves, or get written assurances from the copier company that they will wipe it immediately – preferably before it leaves your premises.

Keep in mind that merely “deleting” files from and memory device is not enough.  That still leaves the actual files there.  

Also that this issue is not just for photocopiers.   It applies to any digital device with memory – such as cell phones, jumpdrives, and that new iPad.   Almost everything is digital, and a computer these days.

For more detail on this issue, see an article I wrote  a while back,  this “secure destruction fact sheet” by the Ontario Privacy Commssioner, and these “Guidelines for media sanitation” by the National Institute of Standards and Technology, which was based on work funded by the US Department of Homeland Security.  (Both of those are pdf files.)

That’s the title of my Slaw post for today.  It reads as follows.

There is a lawsuit  and a criminal investigation underway resulting from a school outside of Philadelphia that secretly took pictures of students with webcams on laptops supplied by the school.

The idea was to use the webcams only in cases where a laptop was reported stolen.   It is alleged however that school officials turned on the webcams simply to spy on the students for their own curiosity.  

More details and commentary can be found on Techdirt, Boing Boing, and this AP story.

It’s hard to sort out reality from posturing, but it doesn’t look good for the school.

A couple of lessons can be learned from this.

First, people are a real weak link in the need to preserve privacy where any kind of surveillance or tracking is possible – despite good intentions behind the system.

Second, if you must use any kind of system that enables surveillance, take all possible steps to limit access, and make clear to those that have access that they will be held accountable if they misuse it.

The Canadian Privacy commissioner, and 9 of her colleagues from various countries, sent a joint letter to Google yesterday expressing concern about Google’s rollout of Google Buzz.

The letter says in part:

However, we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.  We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws.  Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services. 

…

Users instantly recognized the threat to their privacy and the security of their personal information, and were understandably outraged. To your credit, Google apologized and moved quickly to stem the damage.

While your company addressed the most privacy-intrusive aspects of Google Buzz in the wake of this public protest and most recently (April 5, 2010) you asked all users to reconfirm their privacy settings, we remain extremely concerned about how a product with such significant privacy issues was launched in the first place.  We would have expected a company of your stature to set a better example.  Launching a product in “beta” form is not a substitute for ensuring that new services comply with fair information principles before they are introduced. 

For the London Free Press – April 19, 2010

Read this on Canoe

n December 2009, isoHunt, a BitTorrent and peer-to-peer search engine, was found liable by a U.S. District Court judge for inducing copyright infringement. The operator of the isoHunt website says he will appeal.

IsoHunt was founded by Canadian Gary Fung in January 2003. According to Wikipedia, thousands of torrents are added to and deleted from the website each day. Users of the website perform more than 40 million unique searches each month.

The isoHunt website is a file search engine, but according to its creator, it does not induce copyright infringement. This distinction is crucial because over the last few years, a number of peer-to-peer service companies have been shut down because they were deemed to have induced copyright infringement.

These players include Napster, shut down in 2001, Grokster and Morpheus, shut down in 2005, and TorrentSpy, shut down in 2008.

BitTorrent websites allow users to download files of any kind directly from the computers of other users. Fung says the isoHunt website is similar to a search engine, such as Google, as the website itself does not store any contents and the files are not downloaded from the servers of the websites, and thus should not be liable for inducing copyright infringement.

The U.S. District Court said Fung had solicited infringement of copyrighted files by the way he has designed his website and by comments he made in interviews and online. For example, the isoHunt website allows users to access the top searches or the top files by category. The website also links users to websites that have torrent files or that invite users to upload copyrighted files. The judge felt Fung was aware of the copyright infringement and actively induced the infringement.

More recently, Judge Stephen Wilson of the U.S. District Court in Los Angeles ordered isoHunt to remove all infringing content from its website.

“It is axiomatic that the availability of free infringing copies of the plaintiffs’ work through defendants’ websites irreparably undermines the growing legitimate market for consumers to purchase access to the same works,” Judge Wilson said.

Fung said Wilson’s injunction “amounts to nothing less than taking down our search engine . . . We’re discussing the mechanics, the process that is reasonable for an injunction. We’re still trying to hope that the judge will do the right thing.”

IsoHunt has also taken the initiative and sued the Canadian Recording Industry Association (CRIA) to get a court ruling regarding the legality of the website. This came before the Supreme Court of British Columbia in March 2009 for a summary judgment, but the court ordered the matter proceed to trial.

The line where someone becomes liable for a copyright infringement of another is not clear. U.S. courts have found some peer-to-peer service companies liable for providing tools that were deemed to be intended to be used for unlawful copying. But others have created services that essentially allow users to do the same thing but in a way that avoids liability for copyright infringement

The National Post ran a story yesterday after a JP refused to allow defence counsel to use his laptop in the courtroom, on the basis that it violated a rule against electronic recording devices.  The trial was adjourned because his notes were on it, and he could not proceed without it.

The tech law community is collectively scratching its heads about this for many reasons.   Some judges and lawyers understand the advantages of and encourage tech in the courtroom, but others, as the article quotes Mr. Justice Thomas Granger:   “look on computers with disdain, clinging to ancient courtroom traditions.”

In my view, even if counsel was to record the proceedings for his/her own use – what’s the harm in that?    As I’ve said before, “because we’ve always done it that way” is never a good answer.

That’s the title of my Slaw post for today.  It reads as follows.

We have seen much pressure over the years for governments to enact tougher laws for piracy and counterfeiting – often based on statistics that lead to conclusions that billions of dollars are being lost because of it.   

It leads to questionable things like three strikes laws, the Digital Economy Bill, and the ACTA treaty discussions.  Many people have questioned the statistics, and the conclusions based on them.

The US government accountability office (GAO) just released a report that concludes that while the problems are real, “Three widely cited U.S. government estimates of economic losses resulting from counterfeiting cannot be substantiated due to the absence of underlying studies”.  Also that assumptions are used to compensate for the lack of data.

For more commentary on this issue, see the reactions of Mike Masnick and Michael Geist.